Merge pull request #1 from jamesmorrison/feature/enhancements

Updates and enhancements to documentation.

Author: jamesmorrison

CHANGELOG.md

@@ -2,5 +2,8 @@
 
 All notable changes to this project will be documented in this file, per [the Keep a Changelog standard](http://keepachangelog.com/), and will adhere to [Semantic Versioning](http://semver.org/).
 
+## [1.0.0] - 2023-06-23
+- Updates and enhancements to documentation. 🎉
+
 ## [0.1.0] - 2023-02-27
 - Initial private release! 🎉

cloudflare-access-sso.php

@@ -1,21 +1,23 @@
 <?php
 /**
- * Coudflare Access SSO
+ * Cloudflare Access SSO
  *
  * @package   CloudflareAccessSSO
  * @link      https://github.com/jamesmorrison/cloudflare-access-sso
  * @author    James Morrison
  * @copyright James Morrison 2023
  * @license   GPL v2 or later
  *
- * Plugin Name:  Cloudflare Access SSO
- * Description:  Facilitates automatic login to WordPress when domain is protected with Cloudflare Access
- * Version:      0.1.0
- * Plugin URI:   https://github.com/jamesmorrison/cloudflare-access-sso
- * Author:       James Morrison
- * Author URI:   https://jamesmorrison.uk/
- * Text Domain:  cloudflare-access-sso
- * Domain Path:  /languages/
+ * Plugin Name: Cloudflare Access SSO
+ * Description: Facilitates automatic login to WordPress when domain is protected with Cloudflare Access
+ * Version:     1.0.0
+ * Plugin URI:  https://github.com/jamesmorrison/cloudflare-access-sso
+ * Author:      James Morrison
+ * Author URI:  https://jamesmorrison.uk/
+ * Text Domain: cloudflare-access-sso
+ * Domain Path: /languages/
+ * License:     GPL v2 or later
+ * License URI: https://www.gnu.org/licenses/gpl-2.0.html
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -31,23 +33,18 @@
 // Security check
 defined( 'ABSPATH' ) || exit;
 
-// The Cloudflare Team Name is required.
+// The Cloudflare Team Name is required
 if ( ! defined( 'CF_ACCESS_TEAM_NAME' ) ) {
 	error_log( 'Cloudflare Access SSO Error: CF_ACCESS_TEAM_NAME is not defined.' ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_error_log
 	return;
 }
 
-// The Cloudflare Application ID is required.
+// The Cloudflare Application ID is required
 if ( ! defined( 'CF_ACCESS_AUD' ) ) {
 	error_log( 'Cloudflare Access SSO Error: CF_ACCESS_AUD is not defined.' ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_error_log
 	return;
 }
 
-// Default to not enforcing SSO (which redirects wp-login => wp-admin)
-if ( ! defined( 'CF_ACCESS_ENFORCE_SSO' ) ) {
-	define( 'CF_ACCESS_ENFORCE_SSO', false );
-}
-
 // Default to 3 attempts to complete authentication
 if ( ! defined( 'CF_ACCESS_ATTEMPTS' ) ) {
 	define( 'CF_ACCESS_ATTEMPTS', 3 );
@@ -58,24 +55,23 @@
 	define( 'CF_ACCESS_LEEWAY', 60 );
 }
 
-
-// Useful global constants.
-define( 'CLOUDFLARE_ACCESS_SSO_PLUGIN_VERSION', '0.1.0' );
+// Useful global constants
+define( 'CLOUDFLARE_ACCESS_SSO_PLUGIN_VERSION', '1.0.0' );
 define( 'CLOUDFLARE_ACCESS_SSO_PLUGIN_URL', plugin_dir_url( __FILE__ ) );
 define( 'CLOUDFLARE_ACCESS_SSO_PLUGIN_PATH', plugin_dir_path( __FILE__ ) );
 define( 'CLOUDFLARE_ACCESS_SSO_PLUGIN_INC', CLOUDFLARE_ACCESS_SSO_PLUGIN_PATH . 'includes/' );
 
-// Require Composer autoloader if it exists.
+// Require Composer autoloader if it exists
 if ( file_exists( CLOUDFLARE_ACCESS_SSO_PLUGIN_PATH . 'vendor/autoload.php' ) ) {
 	require_once CLOUDFLARE_ACCESS_SSO_PLUGIN_PATH . 'vendor/autoload.php';
 }
 
-// Include files.
+// Include files
 require_once CLOUDFLARE_ACCESS_SSO_PLUGIN_INC . '/core.php';
 
-// Activation/Deactivation.
+// Activation / Deactivation
 register_activation_hook( __FILE__, '\CloudflareAccessSSO\Core\activate' );
 register_deactivation_hook( __FILE__, '\CloudflareAccessSSO\Core\deactivate' );
 
-// Bootstrap.
+// Bootstrap
 CloudflareAccessSSO\Core\setup();

composer.json

@@ -1,7 +1,7 @@
 {
   "name": "jamesmorrison/cloudflare-access-sso",
   "description": "Facilitates SSO login to WordPress via Cloudflare Access.",
-  "version": "0.1.0",
+  "version": "1.0.0",
   "type": "wordpress-plugin",
   "homepage": "https://james.morrison.uk/plugins/cloudflare-access-sso/",
   "readme": "./readme.md",
@@ -20,11 +20,11 @@
   },
   "require": {
     "php": ">=8.0",
-    "firebase/php-jwt": "^6.4"
+    "firebase/php-jwt": "^6.8"
   },
   "autoload": {
     "psr-4": {
       "CloudflareAccessSSO\\": "includes/classes/"
     }
   }
-}
+}

composer.lock

@@ -94,7 +94,7 @@ public function process_login() {
 				JWT::$leeway = CF_ACCESS_LEEWAY;
 				$jwt_decoded = JWT::decode( $authorisation_header, JWK::parseKeySet( $certificates ), array( 'RS256' ) );
 
-				if ( isset( $jwt_decoded->email ) && isset( $jwt_decoded->aud ) && $this->verify_aud( $jwt_decoded->aud ) ) {
+				if ( isset( $jwt_decoded->email ) && isset( $jwt_decoded->aud ) && isset( $jwt_decoded->aud[0] ) && $this->verify_aud( $jwt_decoded->aud[0] ) ) {
 					$user = get_user_by( 'email', $jwt_decoded->email );
 
 					// If a matching user is found, facilitate log in.
@@ -180,8 +180,8 @@ protected function get_cloudflare_certificates( $force = false ) {
 	 * @return bool
 	 */
 	protected function verify_aud( $aud ) {
-		if ( is_array( $aud ) ) {
-				return in_array( CF_ACCESS_AUD, $aud, true );
+		if ( is_array( CF_ACCESS_AUD ) ) {
+			return in_array( $aud, CF_ACCESS_AUD, true );
 		} elseif ( is_string( $aud ) ) {
 				return CF_ACCESS_AUD === $aud;
 		}